Sourceware Security Vulnerability


Paul Yibelo
Hey,

My name is Paul. I believe I discovered a very nice XSS in your
website sourceware.org. I couldn't find any other place to submit it, so
I just mailed you here. You should have a bug submit page. :)

Here is the payload:

https://www.sourceware.org/cgi-bin/cvsweb.cgi/libc/login/programs%0A%0A<script>alert(0);</script>%0A%0A/pt_chown.c?rev=1.12&content-type=text/html&cvsroot=glibc&only_with_tag=MAIN

Your error page doesn't sanitize input. Hoping to hear from you :D

Thanks,
Paul
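
The issue reported above, as an added example that is not part of the original message and is not cvsweb's own code: an error page that echoes the requested path, first as-is and then HTML-encoded at the point of output. The handler names and the error-page wording are hypothetical; only the URL is taken from the report.

```python
"""Added illustration: a CGI-style error page that echoes the requested path.
Function names and error text are hypothetical, not cvsweb's own code."""
import html
from urllib.parse import urlsplit, unquote

# The URL from the report above, kept verbatim.
REPORTED_URL = (
    "https://www.sourceware.org/cgi-bin/cvsweb.cgi/libc/login/programs"
    "%0A%0A<script>alert(0);</script>%0A%0A/pt_chown.c"
    "?rev=1.12&content-type=text/html&cvsroot=glibc&only_with_tag=MAIN"
)
SCRIPT_NAME = "/cgi-bin/cvsweb.cgi"
PAGE = "<html><body><h1>Error</h1><p>%s: no such file</p></body></html>"


def path_info(url):
    """Return the decoded path after the script name, as a CGI sees PATH_INFO."""
    path = urlsplit(url).path
    if not path.startswith(SCRIPT_NAME):
        raise ValueError("not a request for the CGI script")
    # Percent-decoding turns %0A into real newlines; markup passes through.
    return unquote(path[len(SCRIPT_NAME):])


def error_page_unsafe(requested):
    """The reported behaviour: request data copied into the HTML unchanged."""
    return PAGE % requested


def error_page_escaped(requested):
    """Same page with the echoed value HTML-encoded where it is written out."""
    return PAGE % html.escape(requested, quote=True)


if __name__ == "__main__":
    requested = path_info(REPORTED_URL)
    print(error_page_unsafe(requested))
    print(error_page_escaped(requested))
```

Encoding belongs at the output step, for every request-derived value the page prints, so the fix covers other parameters echoed by the same error handler as well.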